Sticking around to use the reference list for your own custom deployment? The below list should be used as a reference for your custom Office 365 deployment. You will need to select which records apply to your organization and fill in the appropriate values.

Often the SPF and MX records are the hardest to figure out. We’ve updated our SPF records guidance at the end of this article. The important thing to remember is that you can only have a single SPF record for your domain. You can have multiple MX records; however, that often is what causes problems for mail delivery. Having a single MX record that directs email to one mail system removes many of those potential problems.

Every Office 365 customer needs to add two records to their external DNS. The first CNAME ensures Office 365 can direct workstations to the appropriate identity platform. The second record that is required is a record to prove you own your domain name.

DNS record

Purpose

Value to use

CNAME

(Suite)

Used by Office 365 to direct authentication to the correct identity platform More Information

Alias: msoid

Target: clientconfig.microsoftonline-p.net

TXT

(Domain verification)

Used by Office 365 to verify only that you own your domain. It doesn’t affect anything else.

Host: @ (or, for some DNS hosting providers, your domain name)

TXT Value: A text string provided by Office 365

The Office 365 Add a domain wizard provides the values that you use to create this record.

Exchange Online requires several different records, the three primary records that all customers should use are the Autodiscover, MX, & SPF records.

Autodiscover allows client computers to automatically find Exchange Online and configure the client properly. The MX record tells other mail systems where to send email for your domain. The SPF record is used by recipient email systems to validate the server sending your email is one that you approve. See the bottom of this article for help understanding what to put in your SPF record.

Exchange Online customers who are using Exchange Federation will also have an additional CNAME and TXT record listed at the bottom of the table.

DNS record

Purpose

Value to use

CNAME

(Exchange Online)

Helps Outlook clients to easily connect to the Exchange Online service by using the Autodiscover service. Autodiscover automatically finds the correct Exchange Server host and configures Outlook for users.

Alias: Autodiscover

Target: autodiscover.outlook.com

MX

(Exchange Online)

Sends incoming mail for your domain to the Exchange Online service in Office 365.

Note:

Once email is flowing to Exchange Online, you should remove the MX records that are pointing to your old system.

Domain: For example, contoso.com

Target email server: <MX token>.mail.protection.outlook.com

Preference/Priority: lower than any other MX records (this ensures mail is delivered to Exchange Online) - for example 1 or 'low'

Helps to prevent other people from using your domain to send spam or other malicious email. Sender policy framework (SPF) records work by identifying the servers that are authorized to send email from your domain.

Helps Outlook clients to easily connect to the UNRESOLVED_TOKEN_VAL(ExchOnline) service by using the Autodiscover service when your company is using Exchange federation. Autodiscover automatically finds the correct Exchange Server host and configures Outlook for your users.

SharePoint Online only requires a DNS record if SharePoint Online is sending email to external recipients. If this is the case, an SPF record may be required to ensure mail delivery. See SPF records at the end of this article.

Remember, you can only have one SPF record for your domain. That single SPF record can have a few different inclusions (up to 10). Use the chart below to help you build the right SPF record for your environment. Choose one from below.

SPF records help to prevent other people from using your domain to send spam or other malicious email. Sender policy framework (SPF) records work by identifying the servers that are authorized to send email from your domain.

Note:

If the firewall or proxy server blocks TXT lookups on an external DNS, you should also add this record to the internal DNS record.

All SPF records contain three parts, the declaration that it is an SPF record, the domains & IP addresses that should be sending email, and an enforcement rule. You need all three to have a valid SPF record. Here’s an example of the most common SPF record for Office 365:

When you add this record to your DNS records, an email system that receives an email from your domain will look at this SPF record and if the email server that sent the message was an Office 365 server, they would accept the message. If it was your old mail system or a malicious system on the internet, they would consider this email un-safe.

If you have a more intricate scenario, use this table to determine what should be included in the value of the record:

If you’re…

Purpose

Add these includes

1

Any email system (required)

All SPF records start with this value

V=spf1

2

Exchange Online (common)

Use if you’re using Exchange Online

include:spf.protection.outlook.com

3

SharePoint Online (common)

Use if you’re using SharePoint Online

include:sharepointonline.com

4

A third party email system (less common)

include:<email system>

5

On-premises mail system (less common)

Use if you’re using Exchange Online Protection or Exchange Online plus another mail system

ipv4:<0.0.0.0>

- OR -

include:<mail.contoso.com>

The value for <0.0.0.0> or <mail.contoso.com> should be your other mail system that will send email for your domain.

6

Any email system (required)

-all

For example, if you are using the full Office 365 suite and are using MailChimp to send marketing emails on your behalf your SPF record at contoso.com might look like the following which uses row 1, 2, 3, 4, & 6 (remember row 1 & 6 are required):